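1. Nginx
Nginx (engine x) is a high-performance HTTP and reverse-proxy web server that also provides IMAP/POP3/SMTP services. It is a powerful, high-performance web and reverse-proxy service with many excellent features. Under high connection concurrency, Nginx is a good alternative to the Apache service.
[root@test2 ansible]# ansible-galaxy install geerlingguy.nginx   # download the prepackaged role geerlingguy.nginx from the internet
[root@test2 ansible]# ansible-galaxy remove geerlingguy.nginx   # remove the role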
- successfully removed geerlingguy.nginx
[root@test2 ansible]# ansible-galaxy list
# /mnt/ansible/roles
- apache, (unknown version)
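[root@test2 ansible]# vim playbook.yml
---
- hosts: 10.4.17.114
  roles:
    - geerlingguy.nginx
After installing the packaged role above, running the playbook directly shows that the nginx service is started on host 114 and listens on port 80. Note: the httpd service must not be running on host 114, because httpd and nginx both listen on port 80 and therefore cannot run at the same time. The file geerlingguy.nginx/defaults/main.yml also needs to be changed; the changes are shown in the figure below: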
2. Time synchronization using roles
[root@test2 ~]# dnf install rhel-system-roles -y   # install the system roles package
[root@test2 doc]# cd rhel-system-roles/   # look at where the files are stored
[root@test2 rhel-system-roles]# ls
kdump network postfix selinux storage timesync
[root@test2 rhel-system-roles]# pwd
/usr/share/doc/rhel-system-roles
[root@test2 rhel-system-roles]# cd /usr/share/rh
rhel/ rhn/ rhsm-plugins/
[root@test2 rhel-system-roles]# cd /usr/share/ansible/roles/
[root@test2 roles]# ls
linux-system-roles.kdump linux-system-roles.storage rhel-system-roles.postfix
linux-system-roles.network linux-system-roles.timesync rhel-system-roles.selinux
linux-system-roles.postfix rhel-system-roles.kdump rhel-system-roles.storage
linux-system-roles.selinux rhel-system-roles.network rhel-system-roles.timesync
[root@test2 roles]# pwd
/usr/share/ansible/roles
Copy the example playbooks from /usr/share/doc/rhel-system-roles/timesync/ into the directory that contains ansible.cfg and modify them:
[root@test2 roles]# vim timesync-playbook.yml
---
- hosts: webserver
  vars:
    timesync_ntp_servers:
      - hostname: 172.25.1.250   # set the time synchronization server
        iburst: yes
  roles:
    - rhel-system-roles.timesync
After editing, run the playbook to achieve time synchronization.
3. Changing SELinux
Copy the example playbooks from /usr/share/doc/rhel-system-roles/selinux/ into the directory that contains ansible.cfg and modify them:
[root@test2 roles]# vim selinux-playbook.yml
---
- hosts: 10.4.17.114
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
    selinux_booleans:
      - { name: 'samba_enable_home_dirs', state: 'on' }
    selinux_fcontexts:
      - { target: '/samba(/.*)?', setype: 'samba_share_t', ftype: 'd' }
    selinux_restore_dirs:
      - /samba
    selinux_ports:
      - { ports: '82', proto: 'tcp', setype: 'http_port_t', state: 'present' }
  tasks:
    - name: Creates directory
      file:
        path: /samba
        state: directory
    - name: execute the role and catch errors
      block:
        - include_role:
            name: rhel-system-roles.selinux
      rescue:
        # Fail if failed for a different reason than selinux_reboot_required.
        - name: handle errors
          fail:
            msg: "role failed"
After editing, running this playbook sets the SELinux state on host 114 to enforcing, changes the security context of the /samba directory that the playbook creates, and allows the http service to use port 82.
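To confirm that the role really applied these settings, a read-only check playbook can be run afterwards. This is an added example, not part of the original post; the file name selinux-verify.yml and the task names are hypothetical, and it assumes getsebool, stat and semanage are available on the target and that the connection has root privileges.

```yaml
---
# selinux-verify.yml (hypothetical name): added example, not from the original post.
# Checks the values that selinux-playbook.yml above is expected to set.
- hosts: 10.4.17.114
  tasks:
    - name: read the samba_enable_home_dirs boolean
      command: getsebool samba_enable_home_dirs
      register: sebool
      changed_when: false

    - name: read the SELinux context of /samba
      command: stat -c %C /samba
      register: samba_ctx
      changed_when: false

    - name: list SELinux port labels
      command: semanage port -l
      register: seports
      changed_when: false

    - name: check that every setting from the playbook is in effect
      assert:
        that:
          # running state and the state configured for the next boot
          - ansible_facts.selinux.status == 'enabled'
          - ansible_facts.selinux.mode == 'enforcing'
          - ansible_facts.selinux.config_mode == 'enforcing'
          - ansible_facts.selinux.type == 'targeted'
          # getsebool prints "samba_enable_home_dirs --> on"
          - sebool.stdout is search('--> on')
          # the context looks like user:role:samba_share_t:level
          - samba_ctx.stdout is search(':samba_share_t:')
          # port 82 must appear in the tcp line of http_port_t
          - seports.stdout is regex('^http_port_t +tcp +(.*, )?82(,|$)', multiline=True)
        fail_msg: "SELinux state differs from selinux-playbook.yml"
```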
4. storage
First, pick a virtual machine and add a disk to it;
Copy the example playbooks from /usr/share/doc/rhel-system-roles/storage/ into the directory that contains ansible.cfg and modify them:
[root@test2 roles]# vim storage.yml
---
- hosts: server4
  roles:
    - name: rhel-system-roles.storage
      storage_pools:
        - name: app
          disks:
            - vdb
          volumes:
            - name: shared
              size: "5 GiB"
              mount_point: "/mnt/app/shared"
              fs_type: xfs
              state: present
            - name: users
              size: "4.9 GiB"
              mount_point: "/mnt/app/users"
              fs_type: ext4
              state: present
After running this playbook, the LVM devices are created and are mounted automatically at boot.
You can also achieve this without the system role by writing your own playbook, as follows:
---
- hosts: server4
  tasks:
    - name: create vg
      lvg:
        vg: demovg
        pvs: /dev/vdb
    - name: create lv
      lvol:
        vg: demovg
        lv: "{{ item }}"
        size: 100%FREE
      loop:
        - demolv
      # only create the LV if it is not already listed in the LVM facts
      when: item not in ansible_lvm['lvs']
    - name: create xfs filesystem
      filesystem:
        fstype: xfs
        dev: /dev/demovg/demolv
        # force: yes lets mkfs overwrite a filesystem that already exists on the device
        force: yes
    - name: mount lv
      mount:
        path: /mnt/app
        src: /dev/demovg/demolv
        fstype: xfs
        opts: noatime
        state: mounted
You can also simply create a plain disk partition; the playbook is as follows:
---
- hosts: server4
  tasks:
    - name: Create a new primary partition
      parted:
        device: /dev/vdb
        number: 1
        state: present
        part_end: 1GiB
    - name: create xfs filesystem
      filesystem:
        fstype: xfs
        dev: /dev/vdb1
        # force: yes lets mkfs overwrite a filesystem that already exists on the partition
        force: yes
    - name: mount lv
      mount:
        path: /mnt/app
        src: /dev/vdb1
        fstype: xfs
        opts: noatime
        state: mounted